chore: add support for trino 455, remove old opa authorizer code

CHANGELOG.md

@@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file.
 
 ## [Unreleased]
 
+### Added
+
+- Added support for Trino 455 ([#638]).
+
 ### Changed
 
 - Reduce CRD size from `984KB` to `131KB` by accepting arbitrary YAML input instead of the underlying schema for the following fields ([#631]):
@@ -15,9 +19,14 @@ All notable changes to this project will be documented in this file.
 - Don't ignore envOverrides ([#633]).
 - Don't print credentials to STDOUT during startup. Ideally we should use [config-utils](https://github.com/stackabletech/config-utils), but that's not easy (see [here](https://github.com/stackabletech/trino-operator/tree/fix/secret-printing)) ([#634]).
 
+### Removed
+
+- Removed support for Trino 414 and 442 ([#638]).
+
 [#631]: https://github.com/stackabletech/trino-operator/pull/631
 [#633]: https://github.com/stackabletech/trino-operator/pull/633
 [#634]: https://github.com/stackabletech/trino-operator/pull/634
+[#638]: https://github.com/stackabletech/trino-operator/pull/638
 
 ## [24.7.0] - 2024-07-24
 

docs/modules/trino/examples/getting_started/code/trino.yaml

@@ -5,7 +5,7 @@ metadata:
   name: simple-trino
 spec:
   image:
-    productVersion: "451"
+    productVersion: "455"
   clusterConfig:
     catalogLabelSelector:
       matchLabels:

docs/modules/trino/examples/getting_started/code/trino.yaml.j2

@@ -5,7 +5,7 @@ metadata:
   name: simple-trino
 spec:
   image:
-    productVersion: "451"
+    productVersion: "455"
   clusterConfig:
     catalogLabelSelector:
       matchLabels:

docs/modules/trino/examples/usage-guide/trino-insecure.yaml

@@ -17,7 +17,7 @@ metadata:
   name: simple-trino
 spec:
   image:
-    productVersion: "451"
+    productVersion: "455"
   clusterConfig:
     catalogLabelSelector:
       matchLabels:

docs/modules/trino/examples/usage-guide/trino-secure-internal-tls.yaml

@@ -17,7 +17,7 @@ metadata:
   name: simple-trino
 spec:
   image:
-    productVersion: "451"
+    productVersion: "455"
   clusterConfig:
     tls:
       internalSecretClass: trino-internal-tls # <1>

docs/modules/trino/examples/usage-guide/trino-secure-tls-only.yaml

@@ -17,7 +17,7 @@ metadata:
   name: simple-trino
 spec:
   image:
-    productVersion: "451"
+    productVersion: "455"
   clusterConfig:
     tls:
       serverSecretClass: trino-tls # <1>

docs/modules/trino/examples/usage-guide/trino-secure-tls.yaml

@@ -17,7 +17,7 @@ metadata:
   name: simple-trino
 spec:
   image:
-    productVersion: "451"
+    productVersion: "455"
   clusterConfig:
     tls:
       serverSecretClass: trino-tls # <1>

docs/modules/trino/pages/usage-guide/catalogs/index.adoc

@@ -72,7 +72,7 @@ metadata:
   name: simple-trino
 spec:
   image:
-    productVersion: "451"
+    productVersion: "455"
   clusterConfig:
     catalogLabelSelector:
       matchLabels:

docs/modules/trino/pages/usage-guide/security.adoc

@@ -105,24 +105,10 @@ NOTE: For a production setup you will use something much more granular.
 We provide a detailed set of rego rules in our integration tests.
 Details can be found below in the <<fine-granular-rego-rules, fine-granular rego rule>> section.
 
-NOTE: Due to changes in the Trino OPA authorizer, rego rules differ between version 414 and newer versions.
-
-[tabs]
-====
-414::
-+
-[source,yaml]
-----
-include::example$usage-guide/opa-bundle-trino-cm-414.yaml[]
-----
-
-Newer than 414::
-+
 [source,yaml]
 ----
-include::example$usage-guide/opa-bundle-trino-cm-new.yaml[]
+include::example$usage-guide/opa-bundle-trino-cm.yaml[]
 ----
-====
 
 Reference the package in the Trino cluster:
 

docs/modules/trino/partials/supported-versions.adoc

@@ -2,6 +2,5 @@
 // This is a separate file, since it is used by both the direct Trino documentation, and the overarching
 // Stackable Platform documentation.
 
+- 455
 - 451 (LTS)
-- 442 (deprecated)
-- 414 (deprecated)

examples/simple-trino-cluster-authentication-opa-authorization-s3.yaml

@@ -5,7 +5,7 @@ metadata:
   name: simple-trino
 spec:
   image:
-    productVersion: "451"
+    productVersion: "455"
   clusterConfig:
     authentication:
       - authenticationClass: simple-trino-users
@@ -66,22 +66,22 @@ data:
   trino.rego: |
     package trino
 
-    import future.keywords.in
+    import rego.v1
 
     default allow = false
 
     # Allow non-batched access
-    allow {
+    allow_if {
       is_admin
     }
     # Allow batched access
-    extended[i] {
+    batch contains i if {
       some i
       input.action.filterResources[i]
       is_admin
     }
     # Corner case: filtering columns is done with a single table item, and many columns inside
-    extended[i] {
+    batch contains i if {
       some i
       input.action.operation == "FilterColumns"
       count(input.action.filterResources) == 1
@@ -90,22 +90,22 @@ data:
     }
 
     # Special rules for bob
-    allow {
+    allow if {
       input.action.operation in ["ExecuteQuery", "AccessCatalog"]
       is_bob
     }
-    extended[i] {
+    batch contains i if {
       input.action.operation in ["FilterCatalogs"]
       some i
       input.action.filterResources[i]
       is_bob
     }
 
-    is_admin() {
+    is_admin() if {
       input.context.identity.user == "admin"
     }
 
-    is_bob() {
+    is_bob() if {
       input.context.identity.user == "bob"
     }
 ---

examples/simple-trino-cluster-hive-ha-s3.yaml

@@ -9,7 +9,7 @@ metadata:
   name: simple-trino
 spec:
   image:
-    productVersion: "451"
+    productVersion: "455"
   clusterConfig:
     catalogLabelSelector:
       matchLabels:

examples/simple-trino-cluster-resource-limits.yaml

@@ -5,7 +5,7 @@ metadata:
   name: simple-trino
 spec:
   image:
-    productVersion: "451"
+    productVersion: "455"
   clusterConfig:
     catalogLabelSelector: {}
   coordinators:

examples/simple-trino-cluster-s3.yaml

@@ -7,7 +7,7 @@ metadata:
   name: simple-trino
 spec:
   image:
-    productVersion: "451"
+    productVersion: "455"
   clusterConfig:
     catalogLabelSelector:
       matchLabels:

examples/simple-trino-cluster.yaml

@@ -5,7 +5,7 @@ metadata:
   name: simple-trino
 spec:
   image:
-    productVersion: "451"
+    productVersion: "455"
   clusterConfig:
     catalogLabelSelector:
       matchLabels:

examples/simple-trino-oauth2.yaml

@@ -91,7 +91,7 @@ metadata:
   name: simple-trino
 spec:
   image:
-    productVersion: "451"
+    productVersion: "455"
   clusterConfig:
     authentication:
       - authenticationClass: simple-trino-oidc

rust/crd/src/affinity.rs

@@ -112,7 +112,7 @@ mod tests {
           name: simple-trino
         spec:
           image:
-            productVersion: "451"
+            productVersion: "455"
           clusterConfig:
             catalogLabelSelector:
               matchLabels:
@@ -199,7 +199,7 @@ mod tests {
           name: simple-trino
         spec:
           image:
-            productVersion: "451"
+            productVersion: "455"
           clusterConfig:
             catalogLabelSelector:
               matchLabels:

rust/crd/src/lib.rs

@@ -875,7 +875,7 @@ mod tests {
           name: simple-trino
         spec:
           image:
-            productVersion: "451"
+            productVersion: "455"
           clusterConfig:
             catalogLabelSelector: {}
         "#;
@@ -890,7 +890,7 @@ mod tests {
           name: simple-trino
         spec:
           image:
-            productVersion: "451"
+            productVersion: "455"
           clusterConfig:
             catalogLabelSelector: {}
             tls:
@@ -907,7 +907,7 @@ mod tests {
           name: simple-trino
         spec:
           image:
-            productVersion: "451"
+            productVersion: "455"
           clusterConfig:
             catalogLabelSelector: {}
             tls:
@@ -925,7 +925,7 @@ mod tests {
           name: simple-trino
         spec:
           image:
-            productVersion: "451"
+            productVersion: "455"
           clusterConfig:
             catalogLabelSelector: {}
             tls:
@@ -945,7 +945,7 @@ mod tests {
           name: simple-trino
         spec:
           image:
-            productVersion: "451"
+            productVersion: "455"
           clusterConfig:
             catalogLabelSelector: {}
         "#;
@@ -960,7 +960,7 @@ mod tests {
           name: simple-trino
         spec:
           image:
-            productVersion: "451"
+            productVersion: "455"
           clusterConfig:
             catalogLabelSelector: {}
             tls:
@@ -977,7 +977,7 @@ mod tests {
           name: simple-trino
         spec:
           image:
-            productVersion: "451"
+            productVersion: "455"
           clusterConfig:
             catalogLabelSelector: {}
             tls:
@@ -998,7 +998,7 @@ mod tests {
           name: simple-trino
         spec:
           image:
-            productVersion: "451"
+            productVersion: "455"
           clusterConfig:
             catalogLabelSelector: {}
         "#;
@@ -1018,7 +1018,7 @@ mod tests {
           name: simple-trino
         spec:
           image:
-            productVersion: "451"
+            productVersion: "455"
           clusterConfig:
             catalogLabelSelector: {}
           workers:
@@ -1044,7 +1044,7 @@ mod tests {
           name: simple-trino
         spec:
           image:
-            productVersion: "451"
+            productVersion: "455"
           clusterConfig:
             catalogLabelSelector: {}
           workers: